Back in 2005 the Internet was buzzing over the so-called “spyware wars”, the US government’s fight against the use of spyware. Back then, spyware was the enemy, and authorities tried to kill it with legislation. As we already know, spyware not only survived, but actually won this “war”. Now, just a few years later, spyware appears to have become an ally of the authorities, not only in the US, but all around the world. How did this happen? What is the reason for this major turnaround? How did such a big enemy of the government suddenly become an important weapon?
Spyware as a weapon
It was 2010 when we first heard about a cyber attack probably used by a state to infiltrate Iranian computer systems. Stuxnet, a virus that disrupted the control systems of Iran’s nuclear centrifuges, was discovered. The Iranian government accused the US and Israel of creating this spyware to sabotage its nuclear program.
Stuxnet submitted the harvested data to its command and control servers, and collected new instructions from there. After Stuxnet came Duqu, and just recently another piece of spyware was detected. It is called Flame (or Flamer), and apparently it has been active since March 2010, stealing information from infected computers and sending it to unknown control servers.
Flame, identified by Kaspersky, was characterized as having complexity and functionality exceeding those of all other cyber menaces known to date. Symantec called it one of the most complex pieces of malware they had ever analysed. Flame attacked computers located mainly in Iran, but not only there: it was also spotted in Israel, Syria, Sudan, Lebanon, Saudi Arabia, Egypt and even in such “exotic” countries as Russia, Hungary or Austria. Interestingly, Flame attacked specific, selected targets and didn’t replicate itself, so that it would stay hidden for longer. The chosen targets were devices owned by individuals, academic institutions and, most importantly, government systems.
Right after the first spyware attacks on Iran and other Middle Eastern countries were discovered, they were linked to American policy makers and secret Israeli actions. Flame had been collecting and stealing data for more than two years, and seems to be the product of a group or organization with a clear set of targets and goals.
Strong arguments supporting the claim that the US and Israeli governments were involved in these spyware attacks were just recently published in the NY Times. Also, Vitaly Kamluk, Kaspersky’s chief malware expert, said that, without a doubt, these attacks were developed and directed by a “state actor”. Comments from government officials (especially in Israel) don’t seem to clarify anything. For example, Israel’s vice prime minister Moshe Yaalon very recently said:
“Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it,”
“Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us.”
It is getting harder and harder to believe that the authorities (American, Israeli or maybe others?) have absolutely nothing to do with such specific, selected attacks on countries considered a threat by both the US and Israel. Assuming they play a major role in these attacks, we can clearly see how spyware becomes a new form of weapon in “cyber wars”.
When the goal in a confrontation is to get as much information about the enemy as possible, spyware can become very useful. But there’s a flip side to this: What happens when it is the citizens who become “the enemy”?
Who’s the enemy?
Our attention may be turned to Iran, but at the same time, in another Arab country, spyware is being used for completely different purposes. In Syria, in the middle of a revolt, the regime and its supporters are using spyware to infiltrate and fight the opposition.
Apparently, supporters of president/dictator Bashar al-Assad created (or maybe bought?) privacy-invading spyware which steals important and personal data from the victim’s computer. Using the collected data, supporters of the dictatorship can not only find out more about the opposition, but also steal the identities of the revolutionaries, or impersonate them to spread the virus and get more and more valuable information.
Thanks to spyware, Syria can be much more efficient in its fight against the opposition, an opposition fighting for freedom and (possibly) democracy. That way, the regime can concentrate on eliminating the biggest threats: the most important revolutionaries. And using spyware effectively helps the government obtain all the valuable information about freedom supporters.
Spyware as a mercenary?
As it turns out, spyware has become a very useful weapon not only in the hands of hackers and corporations, but even of states. It can be used in an international conflict, but also (which is much scarier) to silence a country’s citizens in times of political or social turmoil.
You can only hope that you won’t find yourself on the wrong side of the conflict. Well, not exactly. You can be cautious and take care of your Internet privacy right now (e.g., by getting anti-spyware software, a VPN service, etc.). Better safe than sorry, right?